arunesh sinha cmu ph.d.medianetlab.ee.ucla.edu/socalnegt2014/sinha.pdfinfinite! 8 auditees ... a...
TRANSCRIPT
![Page 1: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/1.jpg)
Arunesh Sinha
CMU Ph.D. → USC PostDoc
![Page 2: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/2.jpg)
𝑛 potential misdeeds by adversary
2
![Page 3: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/3.jpg)
𝑛 potential misdeeds by adversary
Resource constrained defender can inspect/protect only 𝑘 < 𝑛
3
![Page 4: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/4.jpg)
Inspect: Auditing for enforcing policies (network policy, financial policy, etc.)
𝑛 cases to be audited by human auditors, only 𝑘 inspections possible
4
![Page 5: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/5.jpg)
Inspect: Auditing for enforcing policies (network policy, financial policy, etc.)
𝑛 cases to be audited by human auditors, only 𝑘 inspections possible
Protect: Security games [Tambe et al.]
𝑛 targets that can be attacked, 𝑘 security resources available for defense
5
![Page 6: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/6.jpg)
Inspector would like to prevent misdeeds
Clearly, punishment helps to deter.
In auditing in organizations, punishment can be chosen by the defender
6
![Page 7: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/7.jpg)
Inspector would like to prevent misdeeds
Clearly, punishment helps to deter.
In auditing in organizations, punishment can be chosen by the defender
How much to punish?
7
![Page 8: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/8.jpg)
Inspector would like to prevent misdeeds
Clearly, punishment helps to deter.
In auditing in organizations, punishment can be chosen by the defender
How much to punish?
Infinite!
8
![Page 9: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/9.jpg)
Auditees (employees) work for the organization
Punishing employees may cause loss for organization itself
9
![Page 10: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/10.jpg)
Auditees (employees) work for the organization
Punishing employees may cause loss for organization itself
High punishment level
Negative work environment -> loss for organization
Immediate loss from punishment -> Suspension/Firing means loss for org.
10
![Page 11: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/11.jpg)
Auditees (employees) work for the organization
Punishing employees may cause loss for organization itself
High punishment level
Negative work environment -> loss for organization
Immediate loss from punishment -> Suspension/Firing means loss for org.
How much to punish?
11
![Page 12: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/12.jpg)
Auditees (employees) work for the organization
Punishing employees may cause loss for organization itself
High punishment level
Negative work environment -> loss for organization
Immediate loss from punishment -> Suspension/Firing means loss for org.
How much to punish?
A game theorist’s view: Punishment should maximize defender’s utility
Punishment may not necessarily deter!
12
![Page 13: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/13.jpg)
Defender chooses a randomized allocation of limited resources
Also, chooses a punishment level, say 𝑥
13
![Page 14: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/14.jpg)
Defender chooses a randomized allocation of limited resources
Also, chooses a punishment level, say 𝑥
Adversary plays his best response
Chooses a misdeed to commit
A dummy misdeed can be added to account for no misdeed
Adversary gets punished if the misdeed is caught
14
![Page 15: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/15.jpg)
Defender chooses a randomized allocation of limited resources
Also, chooses a punishment level, say 𝑥
Adversary plays his best response
Chooses a misdeed to commit
A dummy misdeed can be added to account for no misdeed
Adversary gets punished if the misdeed is caught
A leader-follower (Stackelberg) game
15
![Page 16: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/16.jpg)
1 0 0 0
0 0 1 0
0 0 0 1
Cases to be inspected
16
![Page 17: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/17.jpg)
A non-convex optimization
Non-convex only due to punishment level 𝑥
17
![Page 18: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/18.jpg)
Fixed parameter tractable algorithm
Discretize 𝑥, and solve each resultant LP
Fixed parameter is the bit-precision
18J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games with Multiple Defender Resources, AAAI 2015 (to appear)
J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games, IJCAI 2013
![Page 19: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/19.jpg)
Fixed parameter tractable algorithm
Discretize 𝑥, and solve each resultant LP
Fixed parameter is the bit-precision
Fully polynomial time approximation
Under certain restrictions on the combinatorial constraints
19J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games with Multiple Defender Resources, AAAI 2015 (to appear)
J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games, IJCAI 2013
![Page 20: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/20.jpg)
Fixed parameter tractable algorithm
Discretize 𝑥, and solve each resultant LP
Fixed parameter is the bit-precision
Fully polynomial time approximation
Under certain restrictions on the combinatorial constraints
Transformation of the combinatorial constraints to a compact form
Speeds up computation for audit games and special cases of security games
20J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games with Multiple Defender Resources, AAAI 2015 (to appear)
J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games, IJCAI 2013
![Page 21: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/21.jpg)
Case specific punishment 𝑥1, … , 𝑥𝑛, instead of a single punishment level 𝑥
Result: A fixed parameter tractable algorithm
Uses a discretization approach as before
The resultant sub-problems are instances of second order cone programs
21
![Page 22: Arunesh Sinha CMU Ph.D.medianetlab.ee.ucla.edu/SocalNEGT2014/Sinha.pdfInfinite! 8 Auditees ... A non-convex optimization ... Speeds up computation for audit games and special cases](https://reader036.vdocuments.us/reader036/viewer/2022081411/60a7a633e700c347614213b7/html5/thumbnails/22.jpg)
22
Optimal inspection allocation and punishment policy can be computed efficiently
Punishment costs lead to tradeoff between deterrence and loss due to misdeed